Mar 062010
[webmin-iptables]
enabled = true
filter = webmin-auth
action = iptables[name=webmin, port=10000, protocol=tcp]
sendmail-whois[name=WEBMIN, dest=example@example.com, sender=example@example.com]
logpath = /var/log/secure
Modify the two instances of example@example.com with the destination and sender email address. This jail will monitor attempted logins to the Webmin user interface, which runs on port 10000, and if there are to many, issue a ban on the IP address. The email address supplied in dest= will receive an email saying the ban as been issued. If you moved your install of Webmin to run on something other than port 10000, change the port= value as appropriate.
Sorry, the comment form is closed at this time.